<%@ page language="java" contentType="text/html;
         charset=UTF-8" pageEncoding="UTF-8"%>
  <%@ page import = "java.sql.*" %>     
  <%@ include file = "../connstring.jsp"%>       
                 
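<%
// Login handler: reads the "yhm" (user name) and "mm" (password) request
// parameters, looks for a matching row in siteuser and, on a match, stores
// the user name in the session and redirects to index.jsp. Otherwise it
// shows the generic "wrong user name or password" alert and goes back.
//
// `driver` and `url` are not defined on this page; presumably they come from
// the included ../connstring.jsp -- confirm.
request.setCharacterEncoding("UTF-8");
String strYhm = request.getParameter("yhm");
String strMm = request.getParameter("mm");
if (strYhm == null) strYhm = "";
if (strMm == null) strMm = "";

// Legacy normalisation, kept only so that existing accounts keep matching the
// same stored values. Stripping a few characters is NOT an injection defence:
// a denylist cannot anticipate every dialect-specific metacharacter. The
// parameter binding below is what keeps user input out of the SQL text.
strYhm = strYhm.replace(" ", "").replace("=", "").replace("'", "");
strMm = strMm.replace(" ", "").replace("=", "").replace("'", "");

// Single flag so the failure markup is emitted from one place; the original
// duplicated it and leaked a stray "}" into the HTML output.
boolean showLoginError = false;

if (strYhm.trim().equals("") || strMm.trim().equals("")) {
	showLoginError = true;
}
else
{
	Connection conn = null;
	PreparedStatement stmt = null;
	ResultSet rs = null;
	try {
		Class.forName(driver);
		conn = DriverManager.getConnection(url);
		// Bound parameters: the values are sent as data, never spliced into
		// the statement text.
		// NOTE(review): the submitted password is compared directly with the
		// stored column, which suggests passwords are stored unhashed --
		// confirm, and migrate to a salted password hash (bcrypt/scrypt/argon2).
		stmt = conn.prepareStatement(
				"select * from siteuser where username = ? and password = ?");
		stmt.setString(1, strYhm);
		stmt.setString(2, strMm);
		rs = stmt.executeQuery();
		if (rs.next()) {
			// NOTE(review): the session id is not rotated at login. Consider
			// rotating it here (request.changeSessionId() on Servlet 3.1+)
			// once the container version is confirmed.
			session.setAttribute("username", strYhm);
			response.sendRedirect("index.jsp");
		}
		else
		{
			showLoginError = true;
		}
	}
	catch (Exception ex) {
		// Keep driver/SQL details in the server log only; echoing
		// ex.getMessage() to the browser discloses schema and connection
		// details. The credentials themselves are never logged.
		application.log("login: database error while checking credentials", ex);
		out.println("系统错误，请稍后重试。");
	}
	finally {
		// Close each resource independently so that a failure on one does
		// not leak the others (in particular the connection).
		try { if (rs != null) rs.close(); } catch (SQLException ignored) { /* best-effort cleanup */ }
		try { if (stmt != null) stmt.close(); } catch (SQLException ignored) { /* best-effort cleanup */ }
		try { if (conn != null) conn.close(); } catch (SQLException ignored) { /* best-effort cleanup */ }
	}
}

if (showLoginError) {
%>
  <script type="text/javascript">
  alert("用户名或密码错误！请重试。");
  history.go(-1);
  </script>
<%
}
%>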